Security Testing Essential Training (2022)
3h 27mBeginner2022-10-25
Authors

Jerod Brennen
Security Architect, Advisor, Speaker, Teacher
Course details
Is your organization secure? In order to answer this question confidently, you need to perform testing to prove that it is indeed secure. However, not all security testing is the same. A risk assessment is not a vulnerability assessment; a penetration test won't measure compliance. For a successful career, a security analyst needs to understand the many different types of security testing and know when and how to implement them. This course with security architect Jerod Brennen provides the resources you need to set up a testing environment, plan assessments, identify targets, and begin executing security tests. Jerod also helps you analyze test results and draft a report of your findings. Plus, see popular testing framework tools in action, including Nmap, Nessus, Wireshark, Lynis, OWASP ZAP, Aircrack-ng, and hashcat, as run on a Kali Linux virtual machine.
Skills covered
NmapNessusTenableWiresharkSecurity TestingNetwork SecurityEssential TrainingCybersecurityOpen Source
Concepts
0. Introduction
- 01 - The importance of security testing
- 02 - What you should know
1. Understanding Security Assessments
- 03 - Language is important
- 04 - Risk assessments
- 05 - Calculating risk score
- 06 - Security controls assessments
- 07 - NIST and ISO
- 08 - Compliance assessments
- 09 - Vulnerability assessments
- 10 - Penetration tests
- 11 - Goals of a pen test
- 12 - The security assessment lifecycle
2. Your Testing Environment
- 13 - The security tester's toolkit
- 14 - Kali Linux
- 15 - Nmap
- 16 - Nessus
- 17 - Wireshark
- 18 - Lynis
- 19 - CIS-CAT Lite
- 20 - Aircrack-ng
- 21 - Hashcat
- 22 - OWASP ZAP
- 23 - OWASP ZAP demo
3. Planning Your Assessment
- 24 - Understanding your scope
- 25 - Improving over time
- 26 - Selecting your methodology
- 27 - Selecting your tools
- 28 - Basic assessment tools
- 29 - Advanced assessment tools
4. Review Techniques
- 30 - Documentation review
- 31 - Log review
- 32 - Log management tools
- 33 - Ruleset review
- 34 - System configuration review
- 35 - CIS-CAT demo
- 36 - Network sniffing
- 37 - Wireshark demo
- 38 - File integrity checking
5. Identifying Your Targets
- 39 - Network discovery
- 40 - Open-source intelligence
- 41 - Network port and service identification
- 42 - Nmap demo
- 43 - Vulnerability scanning
- 44 - Determining severity
- 45 - Nessus demo
- 46 - Wireless scanning
- 47 - Wireless testing process
- 48 - Aircrack-ng demo
6. Vulnerability Validation
- 49 - Password cracking
- 50 - Hashcat demo
- 51 - Penetration test planning
- 52 - Penetration test tools
- 53 - Penetration test techniques
- 54 - Social engineering
- 55 - SET demo
7. Additional Considerations
- 56 - Coordinating your assessments
- 57 - Data analysis
- 58 - Providing context
- 59 - Data handling
- 60 - Drafting your report
- 61 - Delivering your report
Conclusion
- 62 - Next steps
- 63 - Additional resources
Related courses
Related learn paths
- Explore a Career in Application Security
- The Top Skills IT Professionals Have Right Now
- Prepare for the AZ-203 Developing Solutions for Microsoft Azure Exam
- Build Your Cybersecurity Awareness Skills
- Master Digital Transformation
- Become a Penetration Tester
- Penetration Testing Professional Certificate
- Getting Started with Software Testing